Overvalidations are bad

Form validation is one thing I have always hated. Both to implement and to use as a user. A very few web apps seem to be getting it correct.

I wanted to hire a Rackspace Server and hence visited their site. They have this good business opportunity and they might lose it just because some one goofed up with form usability.

They have goofed up here more than once. Whats wrong with this screen?

1. Why do I need to signup just to have a look at the options I can select from and their relative prices ? (This I feel is for marketing purpose. They want to grab you email even if you have slight intentions of buying their service)

2. WTF are the restrictions on the password? And if you think this is for security reasons then notice that they are not allowing a special character in the password.

3. The passwords must match error is simply wrong. It pops us even if passwords match but they are invalid.

Another point I would like make is that validations are complicated. There are two reasons why you should validate a field.

1. The data that you store in database must be consistent. You should know it’s format in order to process it later.

2. Security. By enforcing certain rules with fields like password you are helping users to have a secure account.

I think following thumb rules must help.

1. If you don’t need a data simply make it optional. User name in above case. When you have email address why do you ask for a separate user name?

2. For passwords you can have a lower limit for it’s complexity but no upper limit. I mean let the password be as complicated as possible. Allow special characters. And if you cant allow special characters dont demand things like “atleast one upper case letter, one numeric” and so on. People like to use their usual password and that password may not meet your rules.

3. Dont care too much about fields such as URL, telephone number, Zip Code and so on. Its okay to have completely useless Phone Number and Zip Code. I had notices one application that lets you select country from a drop down then the city from the drop down. Then it asks you to enter the zip code in a text box. But if the zip code does not match the city it throws error. When you already know the zips in the city why not provide another drop down ?

Several non-tech clients seem to think that having all kind of validations will make their site secure. I think we should balance the trade-off between usability and validations in user’s favor whenever possible.


2 thoughts on “Overvalidations are bad

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s